query mysql_escape_string

**giancalr** · 15 Mar 2018, 11:35 AM

Hi we use zen cart 155e, we have a file that uses this query $ sql [] = "LCASE (t1.products_name) LIKE '%". Mysqli_escape_string ($ v). "%'"; up to the php version 5.6 works perfectly, doing the update to version 7 of course does not work because mysql has been deprecated, how can you turn the query into mysqli? Thank you

**lat9** · 15 Mar 2018, 12:01 PM

You can use the Zen Cart function zen_db_prepare_input instead; it calls a database function which ultimately calls mysqli_escape_string, if that function is available.

**giancalr** · 15 Mar 2018, 12:45 PM

Thanks I solved by doing this:

$ con = @mysqli_connect (DB_SERVER, DB_SERVER_USERNAME, DB_SERVER_PASSWORD);
$ s [] = $ v;
$ sql [] = "LCASE (t1.products_name) LIKE '%". mysqli_escape_string ($ con, $ v). "%'";

regards

**lat9** · 15 Mar 2018, 01:12 PM

Save yourself a "world of hurt" and make use of the built-in Zen Cart $db object (and associated procedural functions) when accessing the Zen Cart database. Those classes and functions are there to insulate your code from underlying PHP changes (like the deprecation/removal of the mysql_* interfaces).

**mc12345678** · 15 Mar 2018, 01:38 PM

Originally Posted by lat9

You can use the Zen Cart function zen_db_prepare_input instead; it calls a database function which ultimately calls mysqli_escape_string, if that function is available.

This may have been the case in the past; however, in ZC 1.5.5-1.5.5f the specific mysqli_ function is not invoked through zen_db_prepare_input on either the catalog or admin, it is accessible though through $db->prepare_input($stringText).

Originally Posted by lat9

Save yourself a "world of hurt" and make use of the built-in Zen Cart $db object (and associated procedural functions) when accessing the Zen Cart database. Those classes and functions are there to insulate your code from underlying PHP changes (like the deprecation/removal of the mysql_* interfaces).

HIGHLY AGREE that where it is possible to support/accomplish the desired/intended function that ZC code should be used to interface with ZC.

**lat9** · 15 Mar 2018, 01:44 PM

Originally Posted by mc12345678

This may have been the case in the past; however, in ZC 1.5.5-1.5.5f the specific mysqli_ function is not invoked through zen_db_prepare_input on either the catalog or admin, it is accessible though through $db->prepare_input($stringText).

HIGHLY AGREE that where it is possible to support/accomplish the desired/intended function that ZC code should be used to interface with ZC.

Thanks for the correction!

**mc12345678** · 15 Mar 2018, 03:18 PM

Originally Posted by lat9

Thanks for the correction!

Forgot to add that I didn't review what *is* done through zen_db_prepare_input against the discussed mysqli_ function to see if the same operational result is obtained. Without that review it may (or not) do the same thing just through a different method.

**lat9** · 15 Mar 2018, 03:26 PM

I always get zen_db_prepare_input confused with zen_db_input; it's the latter procedural function that currently results in a call to mysqli_escape_string.

**swguy** · 24 Jun 2019, 03:05 PM

Originally Posted by lat9

I always get zen_db_prepare_input confused with zen_db_input; it's the latter procedural function that currently results in a call to mysqli_escape_string.

This would be a great topic for the developer's notes.
https://docs.zen-cart.com/Developer_Documentation/v2

Thread: query mysql_escape_string

Thread Tools

Search Thread

Display

query mysql_escape_string

Re: query mysql_escape_string

Re: query mysql_escape_string

Re: query mysql_escape_string

Re: query mysql_escape_string

Re: query mysql_escape_string

Re: query mysql_escape_string

Re: query mysql_escape_string

Re: query mysql_escape_string

Similar Threads

v151 reuse of SQL query results without rerunning query and with minimal memory use

v154 Help with a SQL Query for Query Builder

query

v151 SQL query setup. How do I TEST a query 'off-line'?

Bookmarks

Bookmarks

Posting Permissions